An industrial robot includes a robot controller for controlling the motions of the robot and often also a portable programming unit, usually denoted a teach pendant unit, designed for programming and monitoring of the robot operations. Robot controllers have the ability to control motion and I/O signals and have abilities to create and edit internal configurations and programs that affect the operation of the robot while programming and during operation in productions. These abilities are broken down into functions with privileges allocated to each set. For example, an I/O function has privileges to read signals, write signals, and create or delete signals. Similarly a program function has a set of privileges for reading, writing, updating, and deleting programs, among others.
Different persons when using the controller are given different sets of privileges for accessing the functions of the controller. One user might have the privilege to change I/O signals but not change programs, while another user may have privileges for accessing all functions of the controller. In some cases, accessing certain functions includes an element of physical safety. The ability to change to start or stop robot motion can affect physical safety of a person if that person is in the vicinity of the robot. Similarly, the ability to change an I/O signal can affect peripheral equipment on and around the robot and can affect the safety of the individual in the robot cell.
Commonly the users of the robot are organized into groups; each group is assigned a set of functions and privileges for those functions. To access a controller function and the privileges, most robot controllers provide an interface for receiving credentials in the form of username and password, an authentication component for authentication of the credentials, and an authorization component for handling authorization for access to the robot controller functions and their privileges based on the result of the authentication. This system works well when the user is physically present in, or near the robot cell.
Robot controllers and production cells are complex devices where many things can go wrong and where the configuration and program can be very complex. Experienced service technicians are needed most times that one debugs or modifies a robot and its program and configuration. It is very expensive and ineffective in a large production environment and in a global robot service organization to have to send specialized service engineers to be physically present near the robot cell in order to perform service or updates and modifications. It is thereby advantageous to provide some form of remote access to a controller and its functions so that specialists need not travel to all the different robot sites.
Often, a plurality of robot controllers is connected to a common local network. The local network can be connected to the Internet. Many types of robot controllers are provided with a web server and have the technical possibility for allowing access to the controller over the Internet. Thus, it is possible to provide remote service and assistance of the robot via the Internet. However, in such cases it is important to ensure that access to the robot controller functions takes into account the safety of the persons working and equipment in and about the robot in the cell. As robot controllers control physical mechanics and I/O signals, remote access entails higher risk in that the remote person cannot see all that is going on in the robot cell. In addition, remote access may occur at a time when there are people physically present in the robot cell or when the robot is working in production. It is of benefit if the operator of the robot cell has local control over the remote access. Further, the operator should be able to restrict access to the time period during which the service engineer needs access to the robot controller functions. The problem faced is how to allow remote access to the robot controller functions under controlled circumstances.
The systems used today rely upon a user name and password in order to allow access to the controller. A problem with user names and passwords is that these are complex to administer for a plurality of robot controllers. In addition, robot controllers often have inaccurate clocks and administering multiple robots each with different user names and passwords and with different expiration times become burdensome. Furthermore, the user name and password also must be transmitted to the remote service engineer over a secure line and this could be difficult as well as expensive. In order to make sure that there can be no access to the controller at other times, it is often necessary to use hardware to connect and disconnect the Internet connection, which is an expensive solution. In addition, it is desired to be able to allow access to a set of robots at the same time.
If access is to be allowed to only some or one of the robot controllers connected to the network, different passwords must be used for providing access to different controllers. If the system contains a large number of robots it is troublesome to handle the large number of passwords needed for accessing the controllers.